This works fine so far, i get an alert every 10 seconds. Next is the problem:

var s = "some html";
document.write(s);
document.close();

After this code is executed the function print_alert() stops working (like the thread is dead). Why is this so ? Is it possible to let the function still be active after a document.write() ?

liorean

06-06-2006, 02:22 AM

document.write doesn't interrupt anything. Unloading the document does, however. Loading another document means the current document will be unloaded.

If document.write is used after the document parsing has ended or the document stream has otherwise been closed, it will load the code as a new document instead.

oivind

06-06-2006, 02:27 AM

I make a script to prevent users of an evaluation version of a CMS that is under development to remove a textbox on top of the page. I print the textbox several times pr second to be sure it is not removed on the evaluation version. But if some user uses the write function to overwrite the page after filtering out the tekstbox the function stops running (because of the new document). I still want the function to push out new textboxes, any suggestions ?

oivind

06-06-2006, 02:38 AM

there is an event named 'onunload' that fires when a document is unloaded (by ex. write()). Is it it possible to pick up the new document before the old is discarded to do some checks, and if the new document is denied, is it possible to terminate the document unload ?

Blazer2000x

06-06-2006, 06:13 AM

Hmmm... I'm not quite sure I know what you mean. Depending on what you mean, here are two solutions: When you use the document.write() function it replaces the current document with whatever you tell it to. If you go to view source on a document after the write() function has been used you'll see that write()'s value is all that's left of it.
SOLUTION 1:
Have you tried just making the computer write out another script for generating the text box and printing it along with the text box? That wayafter the text box is printed, the script will still be there. Ex:

SOLUTION 2:
I really don't like that function except maybe for writing to newly opened windows. Why don't you try changing the innerHTML instead? Ex:

<div name="adiv" id="adiv"></div>

<script language="JavaScript">
function rediv() {
alert("This thingy will popup every 10th second, no matter what the div changes to.");
adiv.innerHTML = "Whatever you wanted to put here. Even the hole body of the page if you want. This script that changes it will remain untouched.";
window.setTimeout(rediv(), 10000);
}
</script>

Call the script with onLoad to start it and it loops forever without interupting itself by accident. You can even store the entire page you were talking about as a variable and search it for the text box with a separate script to make sure it's there before printing the page again. If it isn't there you can just add it in.

Beagle

06-06-2006, 03:51 PM

@oivind

You can't do this with any degree of certainty. I can easily redfine what your function does. I can easily change the definition of your recursive function and that will end it right there. No need for me to use document.write

oivind

06-06-2006, 09:02 PM

Yes this problem is giving me a headache =) but i think it will be good enough for most users. Some will try to hack it, but it still need some skills, that's something I got to accept...

The alternative is to deny any javascripts witout my own..

How do you redefine a function ?

Beagle

06-06-2006, 09:04 PM

just define it twice

Beagle

06-06-2006, 09:08 PM

I don't think you need to give users the ability to put in javascripts. I don't know many places that do allow it, precisely for this problem. There's a lot worse they can do, ya know. They can rework the entire document structure, they can import porn or copyrighted materials, they can spin infinite loops to crash a browser or render it unusable, they can even try some fishing techniques, using XMLHTTPRequests to phone home to a collection server.

Giving people the arbitrary ability to code their own crap on a system you're responsible for is BAD news, and since there's no way to define what scripts can and cannot be allowed, there really is no way to prevent them from doing anything. So either accept the chaos that will come for everything and don't waste your time coding futile hurdles, or don't give them javascript if you want to prevent the chaos.

oivind

06-06-2006, 09:20 PM

Since the CMS will be distributed as encrypted php code, i though of just importing one default empty javascript onload that the CMS clients could define as they want, and i have the possibility to search through that javascript before it is loaded, every other javascript or code will be removed before the page is sendt from server to browser (ex document.write(...)<--remove)

I don't think any CMS client want's to import porn on their own CMS webpage =) But they want to remove the textbox that says it is an evaluation version.

But with that function redefinition really makes my solution even worse =)